Your privacy is important to ABSSAC Limited. This privacy statement provides information about the personal information that ABSSAC Limited collects, and the ways in which ABSSAC Limited uses that personal information.
Personal information collection
ABSSAC Limited may collect and use the following kinds of personal information:
- information about your use of this website
- information that you provide for the purpose of registering with the website (including details used to contact us)
- any other information that you send to ABSSAC Limited
Using personal information
ABSSAC Limited may use your personal information to:
- administer this website;
- personalize the website for you;
- enable your access to and use of the website services;
- send you marketing communications.
Where ABSSAC Limited discloses your personal information to its agents or sub-contractors for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement. In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, ABSSAC Limited may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights.
Securing of your data
ABSSAC Limited will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. ABSSAC Limited will store all the personal information you provide on its secure servers.
ABSSAC GDPR Compliance Statement
The European Commission has made changes to the 1995 EU Data Protection Directive with the aim to strengthen Personal Privacy Rights. This new set of regulations is known as the General Data Protection Regulation (GDPR) and will affect all organisations which need to be compliant when it comes into force on 25th May 2018. (The UK Government has confirmed that the UK’s decision to leave the EU will not affect the implementation of GDPR.) The current EU Data Protection Directive has been adopted by each country in its own way, leading to different interpretations and enforcements. Given the vast technology changes and the daily use of the internet and social media, the GDPR has been created to address the exploitation of personal data. European organisations must ensure that any companies they work with, where processing of personal data is involved, comply with GDPR, regardless of the location of that third party. ABSSAC is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.
To ensure GDPR compliance ABSSAC have undertaken the following: -
Policies & Procedures – Our data protection policies and procedures have been reviewed to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Appointed Kerry Easton as our Data Protection officer.
- Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR.
- Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly.
- Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
International Data Transfers & Third-Party Disclosures – where ABSSAC stores or transfers personal information outside the EU, we have procedures and safeguarding measures in place to secure and maintain the integrity of the data. Our procedures include provisions for standard data protection clauses and model contract clauses for those countries who are not considered by the ICO to have an adequate level of protection. We carry out due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place and are GDPR compliant.
Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
Obtaining Consent for Processing - we reviewed our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use & process it under the Legitimate Interests basis. Individuals can easily withdraw this consent at any time.
Direct Marketing – we have revised the wording and processes for direct marketing, including a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials. To ensure compliance with the current PECR (Privacy & Electronic Communications Regulations) rules we have updated our consent opt-in & opt-out processes.
Data Protection Impact Assessments (DPIA) – we have implemented documentation processes that record each assessment and allow us to rate the risk posed by the processing activity.
Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Printer, Mailing House, Payroll, Recruitment, Hosting, etc), we have in place compliant Data Processor Agreements for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include an initial data processing benchmark assessment & the processor signing a Data Processor GDPR compliance agreement.
Data Subject Rights - In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our websites of an individual’s right to access any personal information that ABSSAC processes about them and to request information about: -
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint with the ICO.
Information Security & Technical and Organisational Measures - ABSSAC takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures. ABSSAC understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR. This includes the creation of an employee Data Protection Policy document and an employee awareness program which will be provided to all employees prior to May 25th, 2018, and forms part of our induction and annual training program.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. Privacy for our contact forms is dealt with via the HTTPS secure connection for the forms. There is a log of messages in the website database for anti-spam purposes. However, the records are all "hashed" so it's safe and private; the original email or address isn't recoverable from that. The website's own cookies are just "session" cookies which don't themselves contain any personal information. Site cookies are just used for keeping track of contact forms if the user misses a "required" field, for example, so they don't have to fill everything out again.
There will also be 3rd party cookies for Google Analytics and social media, but the user is made aware of these via the "cookie notice" that appears at the bottom of the page, which has information about the use of the session cookie and analytics. The social media integrations also have links to pages that explain what they are, and include links to privacy/cookie policies. Google Analytics has had an update to its systems to offer some new controls there for GDPR; a link for this can be provided on request.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- Whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes.
- If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to;